Banking & Finance: Why is ransomware the main source of cyber threats to the sector?



Back to all articles

At the heart of today’s economic activity, the banking and financial sector faces a range of challenges that now almost systematically include a cyber component. The increasing digital exposure of banking and finance companies, the potentially high profits for attackers and the heterogeneous levels of security are all reasons why this sector of activity is attractive to cybercriminal groups.

Citalid’s Cyber Threat Intelligence team has just produced a report on the cyber threat landscape for the banking and finance sector in 2023. Ransomware, bank fraud, data leakage, availability breaches and espionage – there are many attack scenarios targeting the banking and financial sector in 2023. For more information on these attacks, download the full study.

Download Ebook

Ransomware : map

Cyber challenges for the banking and financial sector.

Due to the specific nature of its activities, the banking and financial sector faces several challenges that need to be addressed in the context of cybersecurity. The reason for these challenges lies in the fact that trust is an essential value for the smooth running of the sector’s activities. 

Firstly, the sector is subject to strong regulatory and sectoral constraints. NIS, DORA, GDPR, PCI-DSS, ORSA… are all legislative texts to which companies are subject to strengthen the security and resilience of the sector. Cyber risk is taken very seriously, especially at European level.

The banking and finance sector is also characterised by a competitive evolution of the market, with the arrival of new players such as fintechs and neo-banks, whose offer is mainly based on digital aspects. This characteristic makes these companies particularly vulnerable to cyber-attacks and interested intrusion sets, attracted by the lure of profit.

Customer volatility is also one of the main challenges facing the banking and financial sector. The arrival of the new players mentioned above is turning the market upside down and disrupting the traditional players in the sector. Customers are increasingly willing to purchase services from different institutions.

The sector has also undergone significant digitisation in recent years. To meet their customers’ expectations, companies are embarking on digital transformation processes and seeking to take advantage of new technologies such as artificial intelligence and blockchain. As in other sectors of the economy, COVID-19 has introduced new working practices linked to digital technology, such as teleworking. These new habits are increasing companies’ exposure to cyber risks, which is a major cybersecurity challenge for the banking and finance sector.

The exposure to cyber risk is amplified by multiple sectoral linkages, with many players involved in infrastructure, payment systems or services provided to customers. What’s more, companies are not reluctant to form partnerships with innovative players to keep pace with new market trends. For this reason, the cybersecurity of stakeholders is also an important issue for the banking and financial sector.

Finally, although no cyber-attack has yet led to an economic and financial crisis, cyber risk now has a potentially systemic dimension, as the NotPetya and WannaCry attacks in 2017 or, more recently, the cyber-attack on Solarwinds (2020) have already suggested.


Download Ebook


Ransomware : a major threat to banking and finance organisations.

Ransomware was one of the most common types of attack against organisations in the banking and financial sector in 2023. Ransomware is a type of malicious software designed to block access to an information system, usually by encrypting data, until a sum of money is paid. Today, this threat is often combined with other levers against the victim to increase the pressure to pay the ransom: attackers release previously exfiltrated data or launch a distributed denial-of-service attack against storefront websites.

Ransomware : key figures

Cybercriminal ecosystems have become more structured and professional, with a convergence towards techniques, tactics and procedures previously reserved for state-sponsored intrusion sets, as demonstrated by the exploitation of 0-day vulnerabilities by Cl0p in July 2023. Attackers are bold, targeting banking and financial organisations regardless of size or geography.

This type of multi-sector threat is generally known to the public, given its impact and visibility. The ransomware threat is currently the largest and most publicised across all sectors.

The finance and banking sector is no exception to the growing threat of ransomware, which has increased significantly in recent years. According to Sophos, a US-based cybersecurity software company, ransomware attacks against this sector will increase by 64% by 2023, based on a globally representative analysis. Only 14% of these attacks were detected before the data was encrypted.

In 2023, many organisations in the banking and finance sector will be compromised by multiple ransomware attacks. According to Trend Micro’s observations, the banking sector was the most affected by ransomware attacks in the first half of 2023, with more than 9,000 detections.

Intrusion sets use a strategy of double or even triple extortion to force their victims to pay a ransom. Exfiltration, selling and blackmailing data, DDoS attacks, etc. are just some of the techniques used to maximise the ransom. These are all techniques used to maximise the pressure on targeted companies.  According to Sophos, this combination of encryption and exfiltration have been noticed in 25% of attacks targeting the banking and financial sector in 2023.

Since the beginning of 2023, cybercriminals have increasingly favoured blackmail linked to the disclosure of data, rather than simply encrypting systems. According to ANSSI, some attackers, such as FIN12, resort to “time-to-ransom”: they decide when to encrypt the targeted systems based on the expected profitability in relation to the time invested in deploying the ransomware. Once again, this is a way of maximising profit.

According to Sophos, the amount of ransom paid doubled between 2022 and 2023, with an average ransom of $1.6 million compared to the general average of $1.5 million, reflecting a certain dynamism in ransomware attacks against companies in the banking and finance sector.

Attackers are not only using ransomware to target banking and finance companies. Denial of service (DDoS) attacks, bank fraud and availability breaches are all threats to this sector. To find out more, download our report.

Download Ebook


Understanding the threat to manage cyber risk : an important issue in the banking and financial sector.


We believe it is essential to have a good understanding of the cyber threat in order to be better protected against it. That’s why we combine CRQ with CTI (Cyber Threat Intelligence). Our team of strategic CTI analysts continuously monitors over 700 cyber threat actors, enabling us to produce sector-specific analysis reports tailored to our customers’ businesses, informing them of the state of the threat they face. These reports are the result of daily monitoring of both cyber threats and geopolitical news, as well as sector-specific expertise.

Citalid is a cyber risk management solution based on CRQ (Cyber Risk Quantification). Our platform is tailored to players in the banking and finance sector and enables you to assess your organisation’s exposure to cyber risk. It provides actionable financial indicators so you can make informed decisions to optimise your cyber security and insurance policies. It enables proactive risk management, which is an asset when it comes to compliance.

New sector reports will be released shortly, so keep up to date by subscribing to our newsletter.

Subscribe To The Newsletter

Banner CTI Banking Finance

Previous article ->


Related Content